Youngzsoft Cmailserver vulnerabilities
7 known vulnerabilities affecting youngzsoft/cmailserver.
Total CVEs
7
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH1MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2008-6922P3CRITICALCVSS 9.3PoCv5.4.62009-08-10
CVE-2008-6922 [CRITICAL] CWE-119 CVE-2008-6922: Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer 5.4.6 allow remote attackers to
Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer 5.4.6 allow remote attackers to execute arbitrary code via a long argument to the (1) CreateUserPath, (2) Logout, (3) DeleteMailByUID, (4) MoveToInbox, (5) MoveToFolder, (6) DeleteMailEx, (7) GetMailDataEx, (8) SetReplySign, (9) SetForwardSign, and (10) SetReadSign methods, which a
nvd
CVE-2003-0280P3CRITICALCVSS 10.0PoCv4.0.2003.23.272003-06-16
CVE-2003-0280 [CRITICAL] CVE-2003-0280: Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4.0.2003.03.27 allow remote atta
Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4.0.2003.03.27 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands.
nvd
CVE-2002-0799P3HIGHCVSS 7.5PoCv3.302002-08-12
CVE-2002-0799 [HIGH] CVE-2002-0799: Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via
Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via a long USER argument.
nvd
CVE-2004-1129P3CRITICALCVSS 10.0v5.2.02005-01-10
CVE-2004-1129 [CRITICAL] CVE-2004-1129: SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and
SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and (4) fmvmail.asp in CMailServer 5.2 allow remote attackers to inject arbitrary SQL commands and delete mail metadata or e-mail addresses of contacts via the indexOfMail parameter.
nvd
CVE-2004-1130P4MEDIUMCVSS 6.8v5.2.02005-01-10
CVE-2004-1130 [MEDIUM] CVE-2004-1130: Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to
Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as (1) username, (2) name, or (3) comments.
nvd
CVE-2007-1927P4MEDIUMCVSS 4.3≤ 5.3.42007-04-10
CVE-2007-1927 [MEDIUM] CVE-2007-1927: Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allo
Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter.
nvd
CVE-2007-1991P4MEDIUMCVSS 4.3≤ 5.4.32007-04-12
CVE-2007-1991 [MEDIUM] CVE-2007-1991: Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possib
Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927.
nvd